Security Posture

The Security Posture Dashboard provides visibility into cloud security health through monitoring, risk assessment, and dashboard widgets that surface actionable security insights.

Introduction

Use the dashboard to identify, prioritize, and remediate security gaps across the cloud environment. It aggregates security signals and organizes them into coverage metrics, network security controls, infrastructure configuration, and operational status.

Key Features

| Feature | Description |
| --- | --- |
| Endpoint protection visibility | Shows EPP and EDR coverage across powered-on VMs. |
| Expiration tracking | Monitors certificate expiration and compliance deadlines. |
| Configuration validation | Identifies risky firewall rules, exposed services, and misconfigured controls. |
| WAF protection status | Tracks load balancer WAF enforcement and encrypted traffic configuration. |

Common Use Cases

| Audience | Use cases |
| --- | --- |
| Security operations teams | Monitor EPP/EDR coverage, identify exposed VMs, manage certificate lifecycle, and audit risky firewall ports. |
| Delivery and infrastructure engineers | Validate new deployments, confirm VM protection status, review exposed VM lists, and monitor WAF configuration. |

Dashboard Overview

Dashboard data is scoped by tenant selection and can be filtered by business group. Most widgets include an external-link icon that redirects to the related product page for deeper investigation.

Widget Reference Guide

| Widget | What it communicates | Typical action |
| --- | --- | --- |
| EPP Coverage | Percentage of powered-on VMs with endpoint protection status Online or Not Applicable. | Identify unprotected VMs and install EPP where required. |
| EDR Coverage | Percentage of powered-on VMs with endpoint detection and response status Online or Not Applicable. | Identify unprotected VMs and install EDR where required. |
| Exposed VMs | VMs with public IPs and incoming firewall rules from the internet with source set to Any. | Remove public IPs where possible, route through load balancers with WAF, or restrict source IPs. |
| Overview | Multi-domain risk visualization for certificates, firewall rules, WAF coverage, load balancer public traffic, and users. | Investigate red segments and remediate by domain. |
| Risky Firewall Ports | Firewall rules that permit traffic on commonly risky ports. | Remove direct internet access, restrict sources, or route through safer access patterns. |
| Certificates Status | Certificate common name, associated load balancers, and expiration status. | Renew expired certificates and start renewals within 90 days of expiration. |
| WAF and Public Load Balancer Configurations | Whether public load balancers have WAF enabled and encrypted traffic configured. | Enable WAF, move from transparent to blocking mode when ready, and fix plaintext traffic. |
| Users Overview | User accounts and last login status. | Review dormant accounts and run periodic access reviews. |

Warning

Exposed VMs increase attack surface. Review whether the VM must be exposed directly, or whether traffic should go through a load balancer with WAF protection.

Risky Port Categories

| Category | Ports |
| --- | --- |
| Administrative and remote access | SSH tcp/22, RDP tcp/3389, Telnet tcp/23, VNC tcp/5900 |
| Database services | MSSQL tcp/1433, tcp/1434; MySQL tcp/3306; PostgreSQL tcp/5432 |
| File transfer and sharing | FTP tcp/21; SMB tcp/445, udp/445, tcp/137-139, udp/137-139 |
| Email services | SMTP tcp/25 |
| Web application services | HTTP tcp/80 |
| Network infrastructure | DNS tcp/53, udp/53 |
| Unrestricted network access | All TCP tcp/1-65535; all UDP udp/1-65535 |

| Cadence | Review |
| --- | --- |
| Daily | Expired certificates, new exposed VMs, and offline EPP/EDR agents. |
| Weekly | Risky firewall ports and certificate expirations within 90 days. |
| Monthly | Full dashboard review across all widgets. |
| Quarterly | Access reviews. |
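
As an added example (not part of the product or its documentation), the Python below applies the Exposed VMs definition and the risky port categories above to a constructed list of inbound rules, including rules that cover a port range. The rule field names, the `proto/port` notation for rule ports, and the accepted spellings of an Any source are assumptions.

```python
# Added example, not product code; rule fields (vm, public_ip, source, ports) are an assumed layout.
RISKY = {
    "Administrative and remote access": ["tcp/22", "tcp/3389", "tcp/23", "tcp/5900"],
    "Database services": ["tcp/1433", "tcp/1434", "tcp/3306", "tcp/5432"],
    "File transfer and sharing": ["tcp/21", "tcp/445", "udp/445", "tcp/137-139", "udp/137-139"],
    "Email services": ["tcp/25"],
    "Web application services": ["tcp/80"],
    "Network infrastructure": ["tcp/53", "udp/53"],
}
ANY = {"any", "0.0.0.0/0", "::/0"}  # assumed spellings of a source set to Any

def parse(spec):
    """'tcp/137-139' -> ('tcp', 137, 139); a single port is a one-port range."""
    proto, _, ports = spec.lower().partition("/")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if proto not in ("tcp", "udp") or not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return proto, lo, hi

def categories(spec):
    """Risky categories whose ports overlap the rule's protocol and port range."""
    proto, lo, hi = parse(spec)
    if (lo, hi) == (1, 65535):
        return ["Unrestricted network access"]  # all-ports rule subsumes the rest
    return sorted(cat for cat, entries in RISKY.items()
                  if any(p == proto and lo <= e_hi and e_lo <= hi  # interval overlap
                         for p, e_lo, e_hi in map(parse, entries)))

def audit(rules):
    """Return (vm, spec, categories, exposed) for each rule on a risky port."""
    out = []
    for r in rules:
        # Exposed per the page: the VM has a public IP and the rule's source is Any.
        exposed = bool(r["public_ip"]) and r["source"].strip().lower() in ANY
        cats = categories(r["ports"])
        if cats:
            out.append((r["vm"], r["ports"], cats, exposed))
    return out

SAMPLE_RULES = [  # constructed sample data
    {"vm": "web-01", "public_ip": "203.0.113.10", "source": "Any", "ports": "tcp/443"},
    {"vm": "jump-01", "public_ip": "203.0.113.11", "source": "0.0.0.0/0", "ports": "tcp/20-25"},
    {"vm": "db-01", "public_ip": None, "source": "10.0.0.0/8", "ports": "tcp/1433"},
    {"vm": "lab-01", "public_ip": "203.0.113.12", "source": "any", "ports": "udp/1-65535"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE_RULES), sep="\n")
```

A range rule such as `tcp/20-25` lands in three categories at once, which a check against single port numbers would miss.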